MOSAIC
The Modernization
of Safeguards
Information Technology:
Completing the picture
MOSAIC:
THE MODERNIZATION OF SAFEGUARDS
INFORMATION TECHNOLOGY
The Department of Safeguards,
International Atomic Energy Agency
(IAEA), has set an objective to have a
modernized IT system in place in 2018
that will allow it to perform safeguards
implementation processes (shown by the
chart below) more efficiently, effectively,
and securely. The foreseen benefits
will allow the Department to be more
productive, in turn allowing Safeguards to
meet the rising demand for its services.
This publication summarizes the
Department of Safeguards’ actions to
modernize its information technology
(IT) capabilities through the MOSAIC
programme. Following the successful
migration of Safeguards data from
outdated mainframe technology, the
MOSAIC programme was initiated in
2015. Within these pages, we describe
some of the achievements of MOSAIC to
date, and what remains to be done before
the programme is completed in 2018.
IT Support to Safeguards Implementation Processes
2015
2018
1. Collect and process
safeguards information
9. Establish findings and
draw safeguards conclusions
8. Evaluate results
of safeguards activities
2. Evaluate all safeguards
relevant information
3. Analyse diversion
and/or acquisition paths
4. Establish and prioritize
technical objectives
7. Conduct in-field and
HQ safeguards activities
5. Identify applicable
safeguards measures
6. Develop annual plan
for safeguards activities
CONTENTS
02
MOSAIC: A vital component
for effective nuclear safeguards
in the 21st century
By Tero Varjoranta, Deputy Director
General, Department of Safeguards
04
MOSAIC: Supplying solutions
By John Coyne, Director, Office of
Information and Communication
Systems, Department of Safeguards
06
Why is MOSAIC important?
08
How is MOSAIC working
in practice?
10
MOSAIC: Making our operations
more efficient and effective
By Haroldo Barroso Junior,
Director, Division of Operations C,
Department of Safeguards
12
Case study:
State Declarations Portal
14
Case study:
Electronic Verification Package
and Field Activity Reporting
16
Case study:
Collaborative Analysis Platform
18
MOSAIC and information security
21
MOSAIC: Where we will be in 2018
23
The MOSAIC team
24
MOSAIC: Bringing the
pieces together
By Florin Abazi, MOSAIC
Programme Coordinator, Office
of the Deputy Director General,
Department of Safeguards
26
MOSAIC timeline 2015–2018
27
The projects of MOSAIC
MOSAIC: A VITAL COMPONENT FOR
EFFECTIVE NUCLEAR SAFEGUARDS
IN THE 21ST CENTURY
The MOSAIC programme is the IT
foundation from which nuclear safeguards
implementation will be enabled going
forward. Through the creation of new
software and applications, benefits can
be realized in improving safeguardsrelevant interaction between the Agency
and Member States, connecting staff
in the field with those at headquarters,
and enhancing collaboration between
Safeguards staff. As a result, MOSAIC
will enable Safeguards to work
more efficiently and effectively.
By Tero Varjoranta
The key mission of the Department of
Safeguards has not altered since the
IAEA was established nearly 60 years
ago: to deter the spread of nuclear
weapons by the early detection of the
misuse of nuclear material or technology.
This is achieved through the application
of Safeguards — a set of technical
measures applied by the IAEA on nuclear
material and activities. However, the
environment that safeguards works within,
and the technologies that we deploy to
fulfil our mission, continue to evolve.
Following initial preparations,
modernization activities started with the
establishment of a secure IT environment
(2005–2009), followed by the partial
modernization of software applications
(2007–2011), and continued with the
transfer of data and software applications
to a new platform (2012–2015). The latter
endeavor — the mainframe migration —
was a notable success: completed on
schedule and within scope and budget.
The MOSAIC programme (2015–2018)
is developing applications and software
to take Safeguards IT into the future. As
has been the case with previous Agency
IT projects, the MOSAIC programme
is funded from a combination of the
Regular Budget, the Major Capital
Investment Fund, and extrabudgetary
contributions. The current estimate of the
total cost of implementing the MOSAIC
project is approximately €41 million.
The demands on the Department
of Safeguards continue to increase.
Today, the Department is implementing
safeguards in 181 States. From
2010–2015, the number of States with
Additional Protocols increased by
22%, the number of Nuclear Material
Accounting Reports increased by 20%,
and the amount of nuclear material under
safeguards increased by 17%. With a
fairly static budget this means we need
to improve our productivity. One of the
ways in which we achieve this is through
investment in modern technologies.
To ensure MOSAIC meets the
requirements of users, it provides
bespoke, in-house developed, solutions
2
that will improve the structure and
integration of all safeguards information
within a modernized safeguards
IT system. Safeguards staff will be
provided with improved and timely
access to information. The introduction
of new and improved IT applications
and their integration with existing ones
will allow better planning, conducting,
reporting, and quality assessment of
safeguards activities. They will enable
staff to search information across
the entire repository; carefully crosscheck different types of information;
and utilize information in visual formats
(e.g. overhead imagery). This will help the
Agency to better preserve its institutional
knowledge. Across the Department,
we are already seeing the fruits of this
labour through gains in efficiencies,
effectiveness, and communication.
budget. MOSAIC staff track and report on
all elements of the programme resources
and budget to ensure that we are being
cost conscious and guaranteeing value on
investment. This also allows us to convey
to our Member States the progressbased nature of the programme; the
funding of the MOSAIC programme is
contingent on demonstrated results.
One of the elements of the MOSAIC
programme that has really impressed
me is the human factor. The system
incorporates established practices
in programme management and IT
development, and allows lessons
learned to be applied. This means
Product Owners have direct access
to the people analysing the business
need and developing the solutions. It is
a remarkably flexible platform, with the
ability to add, modify, and integrate new
applications in an agile manner whenever
needed. Thanks to the dedicated work
of the staff, MOSAIC is progressing on
schedule, within budget and scope.
MOSAIC is also improving Safeguards
information security. It is laying the
infrastructure to ensure the security of
Safeguards information in a world where
cyber-threats are increasing in number
and complexity. We are also improving our
own internal data security arrangements
by enhancing our IT capabilities along with
strengthened authorization management
and information classification.
MOSAIC is not reinventing the way we
apply safeguards, but we need to be
proactive to meet current and future
challenges. By employing modern IT
solutions to the work of Safeguards, and
continually reviewing the utility of new
technologies for use in implementing
our mandate, we will be able to
keep pace with these challenges. By
taking this proactive approach, the
IAEA Department of Safeguards will
continue to play an important role in the
maintenance of international peace and
security in an ever changing world.
Importantly, the Management Team that
has been put in place for MOSAIC is
keeping the programme on track. I am
supported by the Senior Supplier, the
Senior User, and the MOSAIC Programme
Coordinator. We have continual oversight
on MOSAIC planning, resourcing,
implementation, communication, and
3
MOSAIC: SUPPLYING SOLUTIONS
By John Coyne
The MOSAIC programme is
transforming the IT of the Department
of Safeguards. Made up of more than
150 staff and contractors, MOSAIC
is bringing together different ideas
and delivering exciting results.
As Senior Supplier for the MOSAIC
programme, I oversee project
management — including software
development, IT infrastructure, and user
support resources. I ensure that the
required IT-related resources are supplied
to support programmatic activities and
that our staff have all the tools they need
to make MOSAIC a success. I work with
the Deputy Director General, the Senior
User, and the MOSAIC Programme
Coordinator to gain a holistic view of the
programme and make sure that, whenever
there is an issue with supply, we resolve it.
“MOSAIC’s objective
is to deliver the best
quality software for the
Department so that staff
can get their work done
in the most efficient
way. It is not to create
bureaucracies; it is
not to create papers
that are going to die.
It is to create great
software, and everyone
gets that message.”
When mainframe migration got underway
in 2012, we set off to replace several
old systems that were being supported
by an aged mainframe computer. This
phase of the modernization effort,
2012–2015, was devoted to moving
off the mainframe computer to a new
environment. The new Integrated
Safeguards Environment provides
John Coyne
Director, Office of Information
and Communication Systems,
Department of Safeguards, IAEA
MOSAIC Senior Supplier
4
modern and secure hardware from which
new applications can be built. It was a
big job involving the transfer of more
than 60 million records while ensuring
business continuity, but we completed it
successfully, on time, and on budget.
My colleagues pursue an agile approach
to tackling, and overcoming, the
challenges they face. Without such an
approach we would not be where we are;
if there are changes and adjustments
along the way, and in software
development there almost always are,
we are able to react appropriately.
Through this approach we have applied
many lessons learned and laid down
the foundations not only for MOSAIC,
but also a blueprint for conducting
future Departmental IT projects.
Once this was complete, we began to
produce new and improved tools with
which the Department of Safeguards
can perform its work. It is not about
changing what the Department does; we
are delivering systems which are driven
by humans so that the logic behind
decisions can always be explained. It is
about making what the Department does
more efficient and effective by removing
the manual, time consuming tasks which
relied on out of date technology.
Ultimately, we want to provide a suite
of applications to Safeguards that fit
together. It is one thing to develop a
wonderful piece of software that three
people can use; it is another thing if
around 900 people can use it. We have
gone a long way to achieving that, not
just in the existing systems but also
in the new ones. Completing this will
be a key metric of success in 2018.
The MOSAIC programme (15 May 2015
to 15 May 2018) is composed of over
20 different software development
projects, working together to build a solid
foundation from which the Department
of Safeguards will be able to perform
its work into the future. Behind this are
the people who work on these projects,
whether they are Product Owners,
Project Coordinators, Business Analysts,
Technical Leaders, Developers, or one of
the many others who contribute.
5
WHY IS MOSAIC IMPORTANT?
The MOSAIC programme, by using IT
to create efficiencies, is empowering
Safeguards staff to manage their
resources more effectively toward core
tasks. While the activities that Safeguards
perform will not change, tasks that
used to be paper-based are moving
into a digital environment. The potential
for more collaboration, data quality
improvement, exception checking, while
removing duplication of effort, mean
that MOSAIC will cut the time currently
spent on administration and paperwork.
“The MOSAIC applications are a must
have for Safeguards staff”, says Serin
Baubec, Section Head of User Support,
Office of Information and Communication
Systems in the Department of
Safeguards. “MOSAIC gives the staff of
Safeguards the capabilities they need to
maximize their productivity by providing
new and time-saving functions.”
was a development which unchained
new capabilities in an unprecedented
way. It was needed”, adds Serin.
MOSAIC is making sure the Department
is applying IT industry standards, both
technically and in project management.
“In the context of a
static budget, we needed
MOSAIC to deliver to our
users the IT capabilities
to perform their duties to
the same high standards
into the future.”
Importantly, MOSAIC is also providing the
tools to meet the challenges of the future.
By not investing in the modernization
of IT now, the Department would run a
risk of not being able to keep pace with
change and demand. “We had to break
with used patterns of activity. Maybe
10 or 15 years ago, our previous way
of IT provision may have been the best
way of working. But with the old model
you could not keep improving. MOSAIC
Serin Baubec
Section Head of User Support,
Office of Information and
Communication Systems,
Department of Safeguards, IAEA
6
However, there has also been an
important by-product. “One of the
biggest challenges in setting off on
a project like this is getting the users
engaged”, notes Samantha Gehring, Risk
Management Specialist in the Office
of Information and Communication
Systems. “Sometimes building the
bridges and communication needed
between IT staff and users can take a
very long time. But, right now, we are
seeing those bridges being constructed.
The Department can build on these.”
“MOSAIC has been the
push that was needed
to propel Safeguards
IT forward.”
As users see the benefits that MOSAIC is
bringing, Safeguards staff are enthused.
“We deal with interdisciplinary staff from
across the Department and therefore
our strategy has been to communicate
on different fronts”, notes Silvia Mantilla,
Project Outreach Officer in the Office of
Information and Communication Systems.
“We have, among others, newsletters,
forums, infographics, and videos about
MOSAIC. We are thinking more from our
audience perspective what do they really
need, and we are listening to everyone’s
comments in any way, shape, or form.”
With MOSAIC due to complete on 15 May
2018, maintaining that engagement
among stakeholders will be an essential
criterion in developing the software that
Safeguards will rely on going forward.
Samantha Gehring
Risk Management Specialist,
Office of Information and
Communication Systems,
Department of Safeguards, IAEA
7
HOW IS MOSAIC WORKING
IN PRACTICE?
Implementing a €41 million, modern IT
programme in the unique environment
of the Department of Safeguards has
presented a particular set of challenges.
To tackle and overcome these, MOSAIC
utilizes a custom blend of project
implementation methodologies to achieve
results. MOSAIC has adopted a flexible
approach in developing applications, and
meeting user and programmatic demands.
“We are a living, unique
organization. We could
not take pre-defined
project management and
delivery methodologies
and apply these blindly.
We adapted these
methodologies to our
needs so that we could
manage the involvement
of both the supplier side
and the business side.”
The MOSAIC programme comprises
over 20 projects, each of which is being
implemented following internationally
recognized methodologies. “We are
using the best practice of two worlds:
the clearly defined project management
methodology PRINCE2 and, for the
delivery of software, the SCRUM Agile
framework”, explains Remzi Kirkgoeze,
Section Head of the Project Section,
Office of Information and Communication
Systems within the Department of
Safeguards. The project management
methodology PRINCE2 is used for the
organization of MOSAIC. PRINCE2 allows
management to exercise control over
project initiation, budget, resources, risk,
dependencies, quality management, and
progress review in line with objectives.
Remzi Kirkgoeze
Section Head of the Project
Section, Office of Information
and Communication Systems,
Department of Safeguards, IAEA
8
“The project lifecycle includes initiation,
planning, execution, monitoring, and
closure”, says Remzi. “We adapted the
PRINCE2 methodology a little to suit the
needs of Safeguards. One of the most
important elements is that the user is
involved at all stages of the process.”
“The approach adopted involves a
development team having a set amount
of time in which to provide to users a
defined array of functionalities”, according
to Vipin Thomas, SCRUM Master in the
Office of Information and Communication
Systems. Daily stand-up meetings are
conducted, often with the Product Owner
present, to update team progress and
to raise any problems. These stand-up
meetings allow issues to be resolved
quickly, and streamline the way forward
so that the deliverables are provided on
time and to specification. “We involve
Product Owners directly so the SCRUM
Master and development team can make
sure expectations are met in the shortest
time. This also gives Product Owners
more confidence in their products”,
adds Vipin. Finally, a retrospective
is undertaken where team members
report on what went well, what did not
go well, and where lessons learned can
improve performance in the future.
“We have received so
much appreciation
from our colleagues in
Safeguards because
we are fulfilling their
expectations, staying on
budget, and meeting our
schedule. That is very
good news.”
Vipin Thomas,
SCRUM Master, Office of Information
and Communication Systems,
Department of Safeguards, IAEA
9
“The new solutions that
MOSAIC provides are
focusing on the needs of
our interdisciplinary staff.”
Haroldo Barroso Junior
Director, Division of Operations C,
Department of Safeguards, IAEA
MOSAIC Senior User
MOSAIC: MAKING OUR OPERATIONS
MORE EFFICIENT AND EFFECTIVE
By Haroldo Barroso Junior
are in regular contact with the Business
Analysts and Developers to express their
requirements. This means that our user
needs are driving development, and the
results have so far been impressive.
Within this section, you will find
case studies of several applications
being produced under the MOSAIC
programme. These applications will make
Safeguards more efficient and effective.
New nuclear facilities and material are
causing the demand for Safeguards’
services to increase. As a result, these
applications are not a luxury; they are
essential to ensuring the quality of
Safeguards service going forward.
However, one of the single most
successful aspects of MOSAIC is that
we are changing Safeguards information
technology from being person dependent
to being role dependent. With the
previous mainframe computer and
applications it supported, we were reliant
on a shrinking number of staff who knew
how to operate the technology. Today,
MOSAIC is providing user-friendly tools
that can be used by staff across the
Department. As a result, we are able to
pool ideas and increase cooperation. I
see users who are positive and motivated
to address all areas where Safeguards
work can be streamlined, and benefits
can be realized through MOSAIC.
As the Senior User of the MOSAIC project,
I am responsible for identifying the
current and future departmental needs of
inspectors, analysts, and other IT users.
I work with the MOSAIC Programme
Coordinator and the Senior Supplier in
supporting the Deputy Director General
of Safeguards in making major decisions
related to the planning, implementation,
and communication of the programme.
When MOSAIC is fully implemented
in May 2018, I have no doubt that
the user community, whether
Safeguards Inspectors, Analysts, or
any other group of users, will have a
set of tools capable of tackling the
increasing demands of providing
nuclear safeguards into the future.
The new solutions that MOSAIC provides
are focusing on the needs of our
interdisciplinary staff. Communication
within the project teams responsible for
developing the applications has been
free-flowing. Our designated Product
Owners, the lead users of a product,
11
CASE STUDY
STATE DECLARATIONS PORTAL
The State Declarations Portal (SDP), one
of the projects being handled under the
MOSAIC programme, will be one of the IT
systems most visible to those States and
regional authorities with IAEA safeguards
agreements. SDP will create a secure
web-based system to support information
exchange between States and regional
authorities and the Declared Information
Analysis Section in the Division of
Information Management, Department
of Safeguards. Once complete, SDP will
offer States and regional authorities a
new and efficient method of exchanging
information with the Department.
hub for safeguards declarations”, explains
Craig Parker, Systems Analyst in the
Office of Information and Communication
Systems, and Business Analyst and Project
Coordinator of SDP. “SDP will provide an
online, secure, web portal where State and
regional authorities can upload information
in encrypted format and receive
communications and reports from the
Currently, the Department receives
and provides feedback on nuclear
safeguards declarations from State and
regional authorities in multiple formats
and via different channels. The current
communication process can be lengthy
and labour intensive, with a significant
number of paper-based steps. “The
current modes of transmission for State
and regional authorities of nuclear
safeguards declarations can be via
email, post, fax, or delivered in person
from a Mission here in Vienna. How we
reply is via similar means. It is all very
manual”, says Alain Rialhe, Section Head
of the Declared Information Analysis
Section, and Product Owner of SDP.
“Currently, when
communicating with State
and regional authorities,
we call or send an email.
We do not have direct,
centralized, two-way
communication. SDP will
make communication
quicker, more effective,
and more efficient.”
The main benefits of SDP will come
through the quicker and more direct
transfer of information, statements, and
reports between the Department and
those State and regional authorities who
choose to adopt this new method of
communication. “It is a data exchange
Alain Rialhe
Section Head of the Declared
Information Analysis Section,
Division of Information Management,
Department of Safeguards, IAEA
Product Owner of the SDP project
12
Department. It will also provide a secure
means through which the Department
and a State or regional authority can
exchange information about any issues
with the reported data, requests for
approval or clarification, etc.” Additionally,
SDP will allow authorized Safeguards
users to access a centralized audit trail of
all communication with a given State or
regional authority, aiding staff knowledge
continuity and institutional memory.
“Most of the MOSAIC
projects tend to
be inward looking
applications. States see
the benefit in the quality
of the products that we
produce but it is not
something they interact
with directly. In contrast,
SDP is something
they can be using
each time they make a
safeguards declaration
or receive a report.”
SDP is an example of the Department
of Safeguards responding to Member
States’ expectations by modernizing its
IT systems. Not only will time and effort
be saved, but there will be increased
transparency for States and regional
authorities on the handling and status of
their declarations. “Many of the States
themselves have similar portals that they
use internally for receiving information from
facilities, so they are used to having these
services and they expect us to do the
same”, adds Craig. “We are demonstrating
that we can effectively modernize our
business practices and offer services
to the State and regional authorities
to make their lives easier as well.”
Craig Parker
Systems Analyst, Office of
Information and Communication
Systems, Department of Safeguards,
IAEA
One critical consideration of the SDP
project is ensuring the security of
information that goes through the portal.
Confidentiality is a legal obligation in
relation to State and regional authority
safeguards declarations, and this has
been central in the planning for SDP.
“Security is the main consideration
with SDP”, notes Alain. “Nothing will go
through SDP without being encrypted.
This is the only way to tackle this.”
Business Analyst and Project
Coordinator of the SDP Project
13
CASE STUDY
ELECTRONIC VERIFICATION PACKAGE
AND FIELD ACTIVITY REPORTING
Safeguards inspections are a central
element of the Department of Safeguards’
work. In 2015, Safeguards Inspectors
spent a total of 13 248 days in the field,
and by the end of the year were inspecting
709 nuclear facilities, and 200 110
Significant Quantities2 of nuclear material.
This work is critical for the production
of credible safeguards conclusions.
MOSAIC provides several tools to aid
Safeguards Inspectors in their work.
“By 2018, when an
inspector will prepare for
a field activity, a single
application, eVP, will
provide them with the
required information.
They will be able to focus
entirely on the goal of
their activity, rather
than chasing paper.”
The Electronic Verification Package (eVP)
application assembles and processes
in-field verification activities, including
their planning, reporting, and review.
“When an inspector goes out into the
field, they gather a large amount of
Safeguards data and information which
needs to be reported and further analysed
at headquarters. Today, most of the
process of gathering and reviewing the
information reported from the field is done
on paper”, says Alexis Vasmant, Senior
Inspector for State Level Coordination
within the Department of Safeguards,
and Product Owner for the eVP project.
“Currently, to find the relevant piece of
information for our work, we suffer from
a loss of productivity by having manually
to trawl through a mountain of paper.”
Alexis Vasmant
Senior Inspector for State
Level Coordination,
Department of Safeguards, IAEA
Product Owner for the eVP project
eVP will link, display, and provide access
to all available information associated
with a verification activity. As a result, a
Safeguards Inspector will have a single,
electronic resource for preparing and
2
A Significant Quantity is the amount of nuclear material
for which the possibility of manufacturing a nuclear
explosive device cannot be excluded.
14
recording verification. But eVP will not
only digitalize information so that it can be
analysed; it will also provide for workflow
management, quality checks, status
tracking, knowledge preservation, and
process management review. “Another
important benefit of eVP is that we will
be able to gather information on how to
improve our processes”, adds Alexis.
“eVP will help us streamline our work, find
efficiency gains, and therefore allow us
to send our statements to States faster.”
they find, while in the field. “By 2018, we
will provide an IT solution for all the needs
of inspectors in the field”, say Xiaojing
Wang, Systems Analyst / Programmer,
Office of Information and Communication
Systems, and Business Analyst for the
FAR project. “Inspectors are our main
user group. We meet on a daily basis
to define their requirements and find
the appropriate technical solutions.”
While eVP is associated with information
gathering and review, the Field Activity
Reporting (FAR) application provides
a comprehensive solution to assist
inspectors in reporting activities
performed. FAR integrates structured
data from all verification related activities
to provide a comprehensive picture
of how an inspection was conducted.
“FAR is a platform for standardizing our
reporting of the conduct of inspections”,
says Madiba Saidy, Nuclear Safeguards
Inspector within the Department of
Safeguards, and Product Owner of the
FAR project. “FAR provides multiple
advantages including data quality and
completeness checks. Overall, it means
that the Department spends less time
fixing data errors and exceptions.”
“Inspectors are our
main user group. By
2018, we will provide
an IT solution for all the
needs of inspectors in
carrying out a nuclear
safeguards inspection.”
Xiaojing Wang
Systems Analyst/Programmer,
Office of Information and
Communication Systems,
Department of Safeguards, IAEA
There are plans to integrate eVP and FAR,
plus other applications, so an inspector
has a single, user-friendly, repository of
information for what they do, and what
Business Analyst for the FAR project
15
CASE STUDY
COLLABORATIVE ANALYSIS PLATFORM
As envisioned in the 2014 report to IAEA
Board of Governors,3 the Collaborative
Analysis Platform (CAP) project is trialling
an analytical platform that can be an
asset for Safeguards’ core processes:
planning, information collection and
analysis, verification, and evaluation.
CAP gives users the capability to
search, collect, and integrate multiple
data and information sources to enable
comprehensive analysis. “CAP is a
suite of software applications that can
increase the effectiveness and efficiency
of the collection and processing of
Safeguards-relevant information available
to the Department. It also can facilitate
the evaluation of that information”,
says Fabian Rorif, Nuclear Safeguards
Inspector within the Department of
Safeguards, and Product Owner for
the CAP project. “CAP allows users
to simultaneously analyse a great
deal of information, more than ever
before, and see the links between the
different pieces of that information.”
“CAP would represent
a major leap forward in
analytics, especially at
a time when Safeguards
resources remain
constant and demands
on the Department
continue to grow. We
need something creative,
a game changer, to meet
this pressing demand.
CAP has this potential.”
State Evaluation Groups using CAP can
perform information tasks at a speed
and on a scale that was not possible
in the past, therefore increasing the
productivity of our current human
resources. “CAP is a useful tool, but
would not replace human capability to
3
Fabian Rorif
Nuclear Safeguards Inspector,
Department of Safeguards, IAEA
Product Owner for the CAP project
Modernization of Safeguards Information Technology,
Report by the Director General to the IAEA Board of
Governors, November 2014, GOV/INF/2014/24
16
perform analysis. It would support and
facilitate the analysis, but does not replace
the analyst”, adds Fabian. “However,
CAP would allow us to cope with a much
greater amount of information, and also
analyse that information in greater depth
than before.” The ability to establish
relationships between information from
multiple sources, across time, and over
ever increasing volumes of information,
would ensure that Safeguards continues
to make comprehensive findings.
“CAP could make sense
out of huge amounts of
data that are relevant
to our objectives. When
demonstrated in the
Department, it has
worked really well so far.
It seems that this way of
working bears fruit and
supports our mission.”
CAP also shows promise with the
collection and evaluation of open-source
information relevant to the nuclear fuel
cycle. CAP can collect and process much
more open-source information than the
Department currently has capacity for.
This, in turn, would enable Safeguards
Analysts to spend much more of their
time conducting substantive evaluation.
“CAP provides the capability to be able to
automate the collection of open-source,
public data”, highlights Daniel Calle,
Information Analysis Engineer within the
Office of Information and Communication
Systems, and Business Analyst for
the CAP project. “Essentially, trialling
CAP is about assessing the possible
solutions to allow our Analysts to spend
more time on the Departmental mission,
rather than dealing with manual tasks.”
Daniel Calle
Information Analysis Engineer,
Office of Information and
Communication Systems,
Department of Safeguards, IAEA
Business Analyst for the CAP project
17
MOSAIC AND INFORMATION SECURITY
Protecting safeguards information is
a legal obligation for the Department
of Safeguards and is, therefore, of
paramount importance. As part of the
MOSAIC programme, new features are
being added to upgrade the security of
Safeguards information and to protect
against new and emerging threats.
projects, Authorization Management
and Information Classification, are
tackling security concerns directly.
“We need to guard our data. We need to
assure our States that the information they
entrust us with is protected. To do this we
employ a defence-in-depth concept and
have a layered, risk-based approach to the
protection of our data. We do not rely on a
single control. There are multiple checks in
place if a control fails for any reason”, says
Scott Partee, Team Leader of the Systems
Engineering Team within the Office of
Information and Communication Systems.
“We take a layered
defence-in-depth
approach to Safeguards
data. While we maintain
IT and security expertise
to provide the hard
exterior, Safeguards data
sits in its own secure
environment with multiple
additional protections.”
The Department takes the security of
its information very seriously. Due to the
sensitivity of Safeguards information, a
security culture has developed within the
Department and staff are continually kept
informed of evolving threats. “The security
culture in the Department is strong”, adds
Scott. “It is noticeable that Safeguards
security awareness is constantly
improving. We are aware of the risk, and
as threats evolve so will our defences.”
Scott Partee
Team Leader of the
Systems Engineering Team,
Office of Information and
Communication Systems,
Department of Safeguards, IAEA
The MOSAIC programme is building
in security features to all applications
and networks. In addition, two
18
The Authorization Management project is
streamlining the approach of managing
access to Safeguards information.
By setting clearly defined policy and
procedures, the project will support
access management in an efficient and
effective manner across the Department.
It will provide an easy way to govern
and audit the access provision across
Safeguards systems, and provide
clear visibility into who has access to
information resources. “Authorization
Management will allow us to set
information availability rights according to
role, as opposed to person”, says John
Lepingwell, Senior Inspector for State
Level Coordination within the Department
of Safeguards, and Alternate Product
Owner of the Authorization Management
project. “It means that we will enhance our
governance, auditing, and accountability
of access to Safeguards information.
We will be able to monitor staff access
to such information 24/7.” The new
Authorization Management software
will be demonstrated to users during
2017, and will then be tailored to meet
their exact specifications. “Everyone
in the Department has always taken
information security seriously.
“Everyone is aware of
the kinds of threats
that we face, and we
continue training our
staff on potential threats.
People have begun to
ask more questions
such as ‘how can I
improve the protection
of this information?’
It is a cultural change
which shows we are
on the right path.”
John Lepingwell
Senior Inspector for
State Level Coordination,
Department of Safeguards, IAEA
However, due to the increasing cyber
threats over the last few years, staff
awareness of the information threats
particular to Safeguards has increased.
Product Owner for the Information
Classification project and Alternate
Product Owner for the Authorization
Management project
19
The tools being developed under MOSAIC
gives us the practical capabilities to
complement this awareness”, adds John.
The Information Classification project
is a broad, Department-wide effort
to define and implement a standard
procedure for the tracking of the highly
confidential, paper-based information
assets of the Department. The project will
improve the overall quality, consistency,
and transparency in the tracking of
these classified information assets.
Going forward, MOSAIC’s Information
Classification project will also provide
a software platform to support the
standard procedure. “I collaborate
with the Product Owners on a regular
basis to elicit requirements, to define
current processes, and to develop future
processes for our projects”, says Didem
Oguz Haydn, Business Analyst within the
Office of Information and Communication
Systems, and the Business Analyst
for the Information Classification and
Authorization Management projects. This
close collaboration between Product
Owners and Business Analysts is leading
to the development of processes and
software that meet the Department’s
unique security requirements.
“Information security
threats constantly evolve.
To continue to protect
Safeguards information
assets from these ever
growing threats, MOSAIC
provides additional
tools that extend the
capabilities of the current
information security
systems of Safeguards.”
Didem Oguz Haydn
Business Analyst,
Office of Information and
Communication Systems,
Department of Safeguards, IAEA
Business Analyst for the Authorization
Management and Information
Classification projects
20
MOSAIC: WHERE WE WILL BE IN 2018
From the user viewpoint, MOSAIC has
been a programme directly focused
on their needs, and is delivering tools
based on their exact specifications.
“Before MOSAIC we had well established
procedures for our work, but there were
a lot of variations and disconnected
work flows, which added time. Through
MOSAIC, we are developing modern,
standard procedures that streamline
the work”, says Ania Kaminski, Nuclear
Safeguards Inspector within the
Department of Safeguards. “There is a
lot of potential being realized through
the powerful group of tools that MOSAIC
is creating. In 2018, time consuming
activities will have been eliminated and
more time will be available for inspections
and analysis. It does not replace the
human mind and the power of inspections
and analysis, but it means that time
can be allocated to other objectives.”
“By using technology
to assist in reducing
duplication of effort and
streamlining processes,
MOSAIC gives us more
time to tackle our core
verification activities.”
Ania Kaminski
Nuclear Safeguards Inspector,
Department of Safeguards, IAEA
MOSAIC is not only improving the
efficiency of Safeguards work; it also
promises to improve data quality
checks and aid the weeding out of
erroneous information. “In 2018,
MOSAIC will improve the reliability
of the work of Safeguards”, says Igor
Tsvetkov, Senior Level Inspector for
State Level Coordination within the
Department of Safeguards. “Human
errors will be cut, follow-up will be
quicker, monitoring will be improved,
transparency will be enhanced, and the
overall quality of our work will go up.”
Product Owner for the Integration
of Safeguards Instrumentation Data
(ISID) project
21
MOSAIC has also changed the way
that the Department approaches the
development of its IT solutions. Under
MOSAIC, there has been a switch to
a user centred focus coupled with the
flexibility to respond to user needs.
“Since MOSAIC started, we have gone
from having an out of date mainframe
computer, to having a rich portfolio
of modern applications aligned with
the business needs and mission of
the Department”, notes Scott Miller,
Section Head of the Development
Section within the Office of Information
and Communication Systems. “This
has been a very productive period in
software development for Safeguards.”
Through the Agile development approach
applied in the MOSAIC programme,
the Department has hit on a winning
formula in software development, and
there is still more to come. “MOSAIC is
allowing us to do things that we have
always wanted to do”, adds Scott.
“We are hearing good
news, Safeguards
customers are happy,
and the people that
came here to develop
IT solutions with the
latest technologies
are successfully
getting to do that.”
Scott Miller
Section Head of the Development
Section, Office of Information
and Communication Systems,
Department of Safeguards, IAEA
22
THE MOSAIC TEAM
communication specialists. The MOSAIC
team is implementing international
standards through innovation.
MOSAIC is being delivered by a culturally
diverse, interdisciplinary team including
IT developers, business analysts,
project managers, risk analysts, and
23
MOSAIC:
BRINGING THE PIECES TOGETHER
By Florin Abazi
As I write this, MOSAIC is in full swing:
30 appointed user representatives meet
with their counterparts; more than 150
employees in the Department ‘sprint’
to ensure the delivery of products;
MOSAIC application training sessions
convene daily, coordination groups
weekly, and forums monthly. As you
read this, MOSAIC is improving how
Safeguards does its business.
“By bringing the pieces
of MOSAIC together to
complete application
development by 15 May
2018, and ensuring the
graceful transition of
operations and closure
of the programme by the
end of 2018, Safeguards
will take full advantage
of a suite of tools with
which to face the
challenges of tomorrow.”
On a strategic level, as MOSAIC
Programme Coordinator, I am accountable
for managing the programme scope,
schedules, and budgets to ensure that
we are receiving value on investment
and achieving results. I work directly
with the Deputy Director General of
Safeguards, Senior Supplier, and Senior
User on programme priorities, resources,
delivery, and implementation. On a project
delivery level, I also interface daily with
the various MOSAIC project teams to
address issues, concerns, and activities
requiring direction and decisions. As
a result, I see the whole spectrum of
MOSAIC, the elements that go into
making this programme a success, and
the people that are making the difference.
Florin Abazi
MOSAIC Programme Coordinator,
Office of the Deputy Director General,
Department of Safeguards, IAEA
24
As this publication demonstrates,
MOSAIC is a large project with a wide
scope. We implement strong programme
management control; PRINCE2 for
strategy-driven project management
and the Agile software development
methodology SCRUM for software
production. In tandem, these approaches
are delivering bespoke solutions to the
unique needs of our user community. To
name only a few of the successes so far,
we have a modern, integrated, and secure
environment; we have new reporting
modules for increased accuracy in field
activity reporting; we have new, advanced
search and analytical capabilities.
and aspirations for the programme,
and witnessing their positivity, I
have no doubt that we will meet
these challenges with vigour.
In all areas of safeguards, whether it be
collecting and processing safeguardsrelevant information, evaluating this
information, or establishing findings,
we have better tools now with which
to perform this work compared to
when the MOSAIC programme started
in 2015. In bringing the pieces of the
programme together and completing
the picture, in 2018 the Department
of Safeguards will be able to take full
advantage of a suite of tools with which
to face the challenges of tomorrow.
And what is so exciting is that there
is still so much more to come before
MOSAIC is completed. Highlights include
a new inspection scheduling system,
paperless verification reporting, and
a secure web portal to communicate
with State and regional authorities.
Of course, there are challenges that
we need to overcome. For example,
we need to train our users to use the
new applications. But from speaking
to the people involved in MOSAIC,
understanding their motivations
25
MOSAIC TIMELINE 2015–2018
SSDH-R
SSDH-C
SEEIS v2
CDMS
SG Master Data
Electronic State File
Additional Protocol
Authorization Management
State Declarations Portal
SEEIS v3
SG Data Analytics
IC
Collaborative Analysis Platform
Geobased Data Integration
Electronic Verification Package
SEQUOIA
MOSAIC Process Alignment
SG Security Model
ISID
State Level Data Configurator
Document Manager and Workflow Support
Field Activity Report
Integrated Scheduler and Planner
Training and Application Knowledge Base
JAN 2015
JAN 2016
JAN 2017
26
JAN 2018
THE PROJECTS OF MOSAIC
Completed:
•Computerized Inspection
Report Services (CIRS)
•Containment Data Management
System, Version 2 (CDMS v2)
•Mainframe migration and associated
parallel run and go-live activities
•Safeguards Effectiveness Evaluation
Information System, Version 2 (SEEIS v2)
•Safeguards Master Data,
Version 2 (SGMD v2)
•State Supplied Data Handling –
Core, Version 2 (SSDH-C v2)
•State Supplied Data Handling –
Reporting, Version 2 (SSDH-R v2)
Underway:
•Additional Protocol System (APS)
•Authorization Management
•Collaborative Analysis Project (CAP)
•Document Management and
Workflow Support (DMWS)
•Electronic State File (eSF)
•Electronic Verification Packages (eVP)
•Field Activity Reporting,
Version 2 (FAR v2)
•Geobased Data Integration (GDI)
•Information Classification (IC)
•Integrated Safeguards Environment (ISE)
•Integrated Scheduler and
Planner System (ISP)
•Integration of Safeguards
Instrumentation Data (ISID)
•MOSAIC Process Alignment
Project (MPAP)
•Safeguards Effectiveness Evaluation
Information System, Version 3 (SEEIS v3)
•Safeguards Equipment Management
System (SEQUOIA)
•Safeguards Data Centre Upgrade
•Safeguards Implementation
Report Analytical Tool (SANT)
•Safeguards Security Model
•State Declarations Portal (SDP)
•State-Level Data Configurator (SLDC)
27
Editorial board:
Florin Abazi, Silvia Mantilla, Adem Mutluer
Photos:
Dean Calma
Prepared, coordinated, and edited by:
Adem Mutluer
Published by:
Department of Safeguards
International Atomic Energy Agency
PO Box 100, 1400 Vienna, Austria
www.iaea.org
Copyright 2016 IAEA
Disclaimer:
Photographs and illustrations are made available
courtesy of the authors and the IAEA. Extracts
from this publication may be freely used elsewhere
provided acknowledgement of their source is made.
16-39761
IAEA contributors:
Serin Baubec, Daniela Breazu, Daniel Calle,
Peter Chow, Frederic Claude, John Coyne,
Ed Gascon, Samantha Gehring, Ania Kaminski,
Remzi Kirkgoeze, John Lepingwell, Silvia Mantilla,
Scott Miller, Didem Oguz Haydn, Craig Parker,
Scott Partee, Stephen Pullinger, Alain Rialhe,
Fabian Rorif, Madiba Saidy, Vipin Thomas,
Igor Tsvetkov, Alexis Vasmant, Bernhard
Walter, Xiaojing Wang, Gregg Whitaker.